-
quagga (1.2.4-4ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: DoS via out-of-bounds read
- debian/patches/CVE-2022-37032.patch: don't memcpy past end of buffer
in bgpd/bgp_packet.c.
- CVE-2022-37032
* SECURITY UPDATE: DoS via BGP UPDATE without mandatory attributes
- debian/patches/CVE-2023-46753.patch: check mandatory attributes more
carefully for UPDATE message in bgpd/bgp_attr.c.
- CVE-2023-46753
-- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 14:49:20 -0400
-
quagga (1.2.4-4ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2023-41358.patch: Do not process NLRIs if the
attribute length is zero
- debian/patches/CVE-2023-41360.patch: Don't read the first byte of ORF
header if we are ahead of stream
- CVE-2023-41358
- CVE-2023-41360
-- Nishit Majithia <email address hidden> Mon, 16 Oct 2023 13:05:21 +0530
-
quagga (1.2.4-4build1) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:07:56 +0000
